[JENKINS-34805] Delivery Pipeline plugin doesn't create the environment variable PIPELINE_VERSION since upgrade

Type: Bug
Resolution: Fixed
Priority: Critical
Component/s: delivery-pipeline-plugin
Labels:
Environment:
Jenkins 2.3
delivery-pipeline plugin 0.9.9
SECURITY-170 / CVE-2016-3721

Similar Issues:
Powered by SuggestiMate

Show

After upgrading to Jenkins 2.2
delivery-pipeline plugin 0.9.9

The environment variable PIPELINE_VERSION doesn't get created and stored for the initial job. This is due to SECURITY-170 / CVE-2016-3721. Please see https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11.

Original behaviour can be restored for testing purposes by setting hudson.model.ParametersAction.keepUndefinedParameters=true

is related to

JENKINS-38062 "Create Delivery Pipeline version" errors

Open

grant jew created issue - 2016-05-13 14:28

grant jew added a comment - 2016-05-13 15:52

downgraded to 2.0 and the PIPELINE_VERSION gets created and forwarded to downstream jobs.

grant jew added a comment - 2016-05-13 15:52 downgraded to 2.0 and the PIPELINE_VERSION gets created and forwarded to downstream jobs.

Ian Bamforth added a comment - 2016-05-16 10:27 - edited

Now also released in 1.651.2.

Ian Bamforth added a comment - 2016-05-16 10:27 - edited Now also released in 1.651.2.

Jeebitesh Kalantri made changes - 2016-05-16 13:39

Labels

New: 2.0 delivery-pipeline-plugin-0.9.9 jenkins2.0

Jeebitesh Kalantri added a comment - 2016-05-16 13:42

We need fix for this ASAP.
Workaround :- Use plugin Formatted Version Number to create PIPELINE_VERSION environment variable this should fix the issue for time being

Jeebitesh Kalantri added a comment - 2016-05-16 13:42 We need fix for this ASAP. Workaround :- Use plugin Formatted Version Number to create PIPELINE_VERSION environment variable this should fix the issue for time being

Daniel Beck added a comment - 2016-05-16 14:40

Probably SECURITY-170 from https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 and the plugin sending parameters that aren't defined on the job. Workaround: Define the parameter on the job.

Daniel Beck added a comment - 2016-05-16 14:40 Probably SECURITY-170 from https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 and the plugin sending parameters that aren't defined on the job. Workaround: Define the parameter on the job.

Pablo González added a comment - 2016-05-16 16:53

yeap! that is the reason. When the variable is declared in task then it is created, but yet still an issue when the variable is passed to another task.
Although the variable is declared in the task, still blank until end. In the parameters list there are two variables PIPELINE_VERSION one with the value created in the first task and another one in blank.
i can't make the workaround works in docker version yet.

Pablo González added a comment - 2016-05-16 16:53 yeap! that is the reason. When the variable is declared in task then it is created, but yet still an issue when the variable is passed to another task. Although the variable is declared in the task, still blank until end. In the parameters list there are two variables PIPELINE_VERSION one with the value created in the first task and another one in blank. i can't make the workaround works in docker version yet.

Tommy Tynjä made changes - 2016-05-18 06:43

Assignee	Original: Patrik Boström [ patbos ]	New: Tommy Tynjä [ tommysdk ]
Description	Original: After upgrading to Jenkins 2.2 delivery-pipeline plugin 0.9.9 The environment variable PIPELINE_VERSION doesn't get created and stored for the initial job. We use this in our downstream jobs which are all breaking now.	New: After upgrading to Jenkins 2.2 delivery-pipeline plugin 0.9.9 The environment variable PIPELINE_VERSION doesn't get created and stored for the initial job. This is due to SECURITY-170 / CVE-2016-3721. Please see https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11. Original behaviour can be restored for testing purposes by setting hudson.model.ParametersAction.keepUndefinedParameters=true
Environment	Original: Jenkins 2.3 delivery-pipeline plugin 0.9.9	New: Jenkins 2.3 delivery-pipeline plugin 0.9.9 SECURITY-170 / CVE-2016-3721

Tommy Tynjä added a comment - 2016-05-18 06:43

This issue is also mentioned on: https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170

Tommy Tynjä added a comment - 2016-05-18 06:43 This issue is also mentioned on: https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170

Tommy Tynjä made changes - 2016-05-18 08:23

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

Assignee:: Tommy Tynjä

Reporter:: grant jew

Votes:: 5 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2016-05-13 14:28

Updated:: 2017-03-23 22:39

Resolved:: 2016-06-10 06:33

Jenkins

Details

Description

Attachments

Issue Links

Activity

Collapse comment: grant jew added a comment - 2016-05-13 15:52

Expand comment: grant jew added a comment - 2016-05-13 15:52

Collapse comment: Ian Bamforth added a comment - 2016-05-16 10:27, Edited by Ian Bamforth - 2016-05-16 10:27

Expand comment: Ian Bamforth added a comment - 2016-05-16 10:27, Edited by Ian Bamforth - 2016-05-16 10:27

Collapse comment: Jeebitesh Kalantri added a comment - 2016-05-16 13:42

Expand comment: Jeebitesh Kalantri added a comment - 2016-05-16 13:42

Collapse comment: Daniel Beck added a comment - 2016-05-16 14:40

Expand comment: Daniel Beck added a comment - 2016-05-16 14:40

Collapse comment: Pablo González added a comment - 2016-05-16 16:53

Expand comment: Pablo González added a comment - 2016-05-16 16:53

Collapse comment: Tommy Tynjä added a comment - 2016-05-18 06:43

Expand comment: Tommy Tynjä added a comment - 2016-05-18 06:43

People

Dates